Data about 70,000 cards were compromised at the payment gateway of Russian Railways

    More sad news from the world of Heartbleed, which came out yesterday.

    The card data used to buy tickets on the Russian Railways website was compromised for a simple reason: the Heartbleed vulnerability was closed there only a week later (04.15.2013). All that time, unknown attackers could steal data from the site with impunity using the much-publicised vulnerability.

    To draw attention to the problem and to motivate users whose card data is now in the hands of unknown attackers to reissue their cards, the site sos-rzd.com was created; it published a dump of payment data for 14 April. The total number of records is 10532, which suggests roughly 70 thousand cards compromised over the week since the vulnerability became public. For some reason, the authors themselves quote a figure of 200 thousand.

    In this situation, the reaction of Russian Railways and of VTB24 Bank itself seems strange. They flatly deny the vulnerability and accuse the site of phishing.

    Here is a comment from the VTB24 press service, from the RBC website:
    "There was no attack on the payment gateway through which tickets are purchased online at www.rzd.ru. The gateway is protected according to the latest version of the payment card data security standard. All customers who make transactions through it are guaranteed absolute security of payments," said a spokesman for the credit organisation's press service. RBC's source in the bank is sure that the site was created so that its visitors would leave their card details there.

    However, this statement is not true. There was a vulnerability on the Russian Railways website; the author wrote about it in the topic "What does Heartbleed mean for the ordinary user?", where he confirms that he discovered the vulnerability on both the VTB24 gateway and the Russian Railways website.

    Another comment from the press service:
    If you look carefully at the site, it itself raises many questions: instead of surnames, numbers and abbreviations are used, and there are Russian or incomplete names, which cannot be the case with bank cards. It looks like it is simply a fake.

    This is also a very strange statement. The vulnerability allows an attacker to read data out of server memory, so if a user entered incomplete or incorrect data, it appears in the dump exactly as entered. Moreover, the authenticity of most of the data is being confirmed by the users themselves. For example, Alexei Kopylov, one of the directors of Flexis, confirms that his data is on the list and provides a photo of the card plus a screenshot of the electronic ticket.
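The check a defender wants here follows directly from that description: a TLS heartbeat message declares its own payload length, and a vulnerable OpenSSL answered with that many bytes of its memory even when the message actually carried far fewer. The Python below is an added example, not code from the original article or from sos-rzd.com; it parses TLS heartbeat records and flags those whose declared payload length cannot fit in the bytes the record actually carries, which is the condition RFC 6520 says a receiver must silently discard and the shape an IDS rule for Heartbleed looks for. All sample records are constructed inline for the test, not captured traffic.

```python
import struct

# TLS record content type for the Heartbeat extension (RFC 6520)
HEARTBEAT_CONTENT_TYPE = 0x18
HEARTBEAT_REQUEST = 0x01
HEARTBEAT_RESPONSE = 0x02
MIN_PADDING = 16  # RFC 6520: every heartbeat message carries at least 16 bytes of padding


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, body).

    The 5-byte header is: content type (1), protocol version (2), body length (2).
    """
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than declared length")
    return content_type, version, body


def check_heartbeat(record: bytes) -> dict:
    """Classify a single TLS record and flag heartbeat messages whose declared
    payload length cannot fit in the bytes the record actually carries.

    A patched peer discards such a message silently (RFC 6520); a vulnerable
    OpenSSL trusted payload_length and echoed back up to 64 KiB of its own
    heap, which is the memory leak the article describes.
    """
    content_type, version, body = parse_tls_record(record)
    result = {
        "is_heartbeat": content_type == HEARTBEAT_CONTENT_TYPE,
        "malformed": False,
        "reason": "",
    }
    if not result["is_heartbeat"]:
        return result
    if len(body) < 3:
        result.update(malformed=True, reason="heartbeat body shorter than its 3-byte header")
        return result
    hb_type, declared_len = struct.unpack("!BH", body[:3])
    result["type"] = hb_type
    result["declared_payload_length"] = declared_len
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        result.update(malformed=True, reason=f"unknown heartbeat type {hb_type}")
        return result
    # Bytes that can legitimately hold the payload: body minus header minus minimum padding.
    room_for_payload = len(body) - 3 - MIN_PADDING
    if declared_len > room_for_payload:
        result.update(
            malformed=True,
            reason=f"declared payload {declared_len} bytes but record has room for {max(room_for_payload, 0)}",
        )
    return result


def scan_records(records):
    """Run check_heartbeat over a sequence of records; return (index, reason) for malformed ones."""
    findings = []
    for index, record in enumerate(records):
        verdict = check_heartbeat(record)
        if verdict["malformed"]:
            findings.append((index, verdict["reason"]))
    return findings


def make_heartbeat_record(hb_type, declared_len, payload, padding_len=MIN_PADDING):
    """Build a TLS 1.1 heartbeat record (constructed test data, not captured traffic)."""
    body = struct.pack("!BH", hb_type, declared_len) + payload + b"\x00" * padding_len
    return struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, 0x0302, len(body)) + body


# Constructed sample records for exercising the detector
BENIGN_HEARTBEAT = make_heartbeat_record(HEARTBEAT_REQUEST, 4, b"ping")
# Declared payload far larger than the bytes actually present: the shape a detector must flag
MALFORMED_HEARTBEAT = make_heartbeat_record(HEARTBEAT_REQUEST, 0x4000, b"", padding_len=0)
# Ordinary application-data record, which the check must leave alone
APP_DATA_RECORD = struct.pack("!BHH", 0x17, 0x0302, 5) + b"hello"

SAMPLE_RECORDS = [BENIGN_HEARTBEAT, APP_DATA_RECORD, MALFORMED_HEARTBEAT]

if __name__ == "__main__":
    for idx, reason in scan_records(SAMPLE_RECORDS):
        print(f"record {idx}: {reason}")
```

The same length comparison, applied to a server's heartbeat response against the request that preceded it, is how one tells from a packet capture whether a gateway actually leaked memory during the exposure window rather than merely ran a vulnerable version.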

    The authenticity of the data is also indirectly confirmed by Victor Lysenko, CEO of Rocketbank, who has promised to reissue all the cards on the list.

    The phishing theory does not hold up either. The site asks you to check only 10 of the 16 digits of the card number, and for the most distrustful it offers the option of downloading the database as a file and checking locally.

    Moreover, it seems that a media campaign has been launched against the site. Large outlets such as RBC, SecurityLab, JustMedia and others, without looking into the matter, have adopted VTB24's position and call the site phishing.

    It is sad that large Russian companies, instead of acknowledging the problem and jointly taking steps to solve it, pretend that nothing happened while at the same time trying to silence concerned IT professionals.
